Frequently Asked Question

The private key is only stored in encrypted form, using PGP symmetric encryption (1). In August 2017 we also added another layer to protect the private keys: they are now stored anonymously, which means that we are unable to determine which private key belongs to a specific user. You can read more here about this new layer.

(1) The user password is converted to an AES-256 key using OpenPGP's Iterated and Salted S2K (2). The iteration code is set to 192, which equals approx. 4 MB of data to hash (password + salt, iterated) for a single password. This makes the password very slow to brute-force (3). All decryption is done on the user's own computer; the password is never sent to our server.